"DSA",
- [ "PQGGen", "fips_dssvs pqg" ],
- [ "KeyPair", "fips_dssvs keypair" ],
- [ "SigGen", "fips_dssvs siggen" ],
- [ "SigVer", "fips_dssvs sigver" ]
+ [ "PQGGen", "fips_dssvs pqg", "path:[^C]DSA/.*PQGGen" ],
+ [ "KeyPair", "fips_dssvs keypair", "path:[^C]DSA/.*KeyPair" ],
+ [ "SigGen", "fips_dssvs siggen", "path:[^C]DSA/.*SigGen" ],
+ [ "SigVer", "fips_dssvs sigver", "path:[^C]DSA/.*SigVer" ]
);
my @fips_dsa_pqgver_test_list = (
- [ "PQGVer", "fips_dssvs pqgver" ]
+ [ "PQGVer", "fips_dssvs pqgver", "path:[^C]DSA/.*PQGVer" ]
+
+);
+
+# DSA2 tests
+my @fips_dsa2_test_list = (
+
+ "DSA2",
+
+ [ "PQGGen", "fips_dssvs pqg", "path:[^C]DSA2/.*PQGGen" ],
+ [ "KeyPair", "fips_dssvs keypair", "path:[^C]DSA2/.*KeyPair" ],
+ [ "SigGen", "fips_dssvs siggen", "path:[^C]DSA2/.*SigGen" ],
+ [ "SigVer", "fips_dssvs sigver", "path:[^C]DSA2/.*SigVer" ],
+ [ "PQGVer", "fips_dssvs pqgver", "path:[^C]DSA2/.*PQGVer" ]
+
+);
+
+# ECDSA and ECDSA2 tests
+my @fips_ecdsa_test_list = (
+
+ "ECDSA",
+
+ [ "KeyPair", "fips_ecdsavs KeyPair", "path:/ECDSA/.*KeyPair" ],
+ [ "PKV", "fips_ecdsavs PKV", "path:/ECDSA/.*PKV" ],
+ [ "SigGen", "fips_ecdsavs SigGen", "path:/ECDSA/.*SigGen" ],
+ [ "SigVer", "fips_ecdsavs SigVer", "path:/ECDSA/.*SigVer" ],
+
+ "ECDSA2",
+
+ [ "KeyPair", "fips_ecdsavs KeyPair", "path:/ECDSA2/.*KeyPair" ],
+ [ "PKV", "fips_ecdsavs PKV", "path:/ECDSA2/.*PKV" ],
+ [ "SigGen", "fips_ecdsavs SigGen", "path:/ECDSA2/.*SigGen" ],
+ [ "SigVer", "fips_ecdsavs SigVer", "path:/ECDSA2/.*SigVer" ],
);
my @fips_rsa_pss0_test_list = (
[ "SigGenPSS(0)", "fips_rsastest -saltlen 0",
- '^\s*#\s*salt\s+len:\s+0\s*$' ],
+ 'file:^\s*#\s*salt\s+len:\s+0\s*$' ],
[ "SigVerPSS(0)", "fips_rsavtest -saltlen 0",
- '^\s*#\s*salt\s+len:\s+0\s*$' ],
+ 'file:^\s*#\s*salt\s+len:\s+0\s*$' ],
);
my @fips_rsa_pss62_test_list = (
[ "SigGenPSS(62)", "fips_rsastest -saltlen 62",
- '^\s*#\s*salt\s+len:\s+62\s*$' ],
+ 'file:^\s*#\s*salt\s+len:\s+62\s*$' ],
[ "SigVerPSS(62)", "fips_rsavtest -saltlen 62",
- '^\s*#\s*salt\s+len:\s+62\s*$' ],
+ 'file:^\s*#\s*salt\s+len:\s+62\s*$' ],
);
# SHA tests
[ "gcmDecrypt128", "fips_gcmtest -decrypt" ],
[ "gcmDecrypt192", "fips_gcmtest -decrypt" ],
[ "gcmDecrypt256", "fips_gcmtest -decrypt" ],
+ [ "gcmEncryptIntIV128", "fips_gcmtest -encrypt" ],
+ [ "gcmEncryptIntIV192", "fips_gcmtest -encrypt" ],
+ [ "gcmEncryptIntIV256", "fips_gcmtest -encrypt" ],
);
# SP800-90 DRBG tests
"SP800-90 DRBG",
[ "CTR_DRBG", "fips_drbgvs" ],
- [ "Hash_DRBG", "fips_drbgvs" ]
+ [ "Dual_EC_DRBG", "fips_drbgvs" ],
+ [ "Hash_DRBG", "fips_drbgvs" ],
+ [ "HMAC_DRBG", "fips_drbgvs" ]
);
# ECDH
"ECDH Ephemeral Primitives Only",
- [ "KASValidityTest_ECCEphemeralUnified_NOKC_ZZOnly_init",
- "fips_ecdhvs ecdhver" ],
- [ "KASValidityTest_ECCEphemeralUnified_NOKC_ZZOnly_resp",
- "fips_ecdhvs ecdhver" ],
+ [ "KAS_ECC_CDH_PrimitiveTest", "fips_ecdhvs ecdhgen" ],
+# [ "KASValidityTest_ECCEphemeralUnified_NOKC_ZZOnly_init",
+# "fips_ecdhvs ecdhver" ],
+# [ "KASValidityTest_ECCEphemeralUnified_NOKC_ZZOnly_resp",
+# "fips_ecdhvs ecdhver" ],
);
#
my %verify_special = (
- "PQGGen" => "fips_dssvs pqgver",
- "KeyPair" => "fips_dssvs keyver",
- "SigGen" => "fips_dssvs sigver",
- "SigGen15" => "fips_rsavtest",
- "SigGenRSA" => "fips_rsavtest -x931",
- "SigGenPSS(0)" => "fips_rsavtest -saltlen 0",
- "SigGenPSS(62)" => "fips_rsavtest -saltlen 62",
+ "DSA:PQGGen" => "fips_dssvs pqgver",
+ "DSA:KeyPair" => "fips_dssvs keyver",
+ "DSA:SigGen" => "fips_dssvs sigver",
+ "DSA2:PQGGen" => "fips_dssvs pqgver",
+ "DSA2:KeyPair" => "fips_dssvs keyver",
+ "DSA2:SigGen" => "fips_dssvs sigver",
+ "ECDSA:KeyPair" => "fips_ecdsavs PKV",
+ "ECDSA:SigGen" => "fips_ecdsavs SigVer",
+ "ECDSA2:KeyPair" => "fips_ecdsavs PKV",
+ "ECDSA2:SigGen" => "fips_ecdsavs SigVer",
+ "RSA:SigGen15" => "fips_rsavtest",
+ "RSA:SigGenRSA" => "fips_rsavtest -x931",
+ "RSA:SigGenPSS(0)" => "fips_rsavtest -saltlen 0",
+ "RSA:SigGenPSS(62)" => "fips_rsavtest -saltlen 62",
+ "ECDH Ephemeral Primitives Only:KAS_ECC_CDH_PrimitiveTest" => "skip"
);
my $win32 = $^O =~ m/mswin/i;
my $quiet = 0;
my $notest = 0;
my $verify = 1;
-my $rspdir = "rsp";
+my $rspdir = "resp";
my $ignore_missing = 0;
my $ignore_bogus = 0;
my $bufout = '';
my $outfile = '';
my $no_warn_missing = 0;
my $no_warn_bogus = 0;
+my $rmcmd = "rm -rf";
+my $mkcmd = "mkdir";
+my $cmpall = 0;
my %fips_enabled = (
dsa => 1,
- "dsa-pqgver" => 0,
+ dsa2 => 2,
+ "dsa-pqgver" => 2,
+ ecdsa => 2,
rsa => 1,
- "rsa-pss0" => 0,
+ "rsa-pss0" => 2,
"rsa-pss62" => 1,
sha => 1,
hmac => 1,
- cmac => 0,
+ cmac => 2,
"rand-aes" => 1,
"rand-des2" => 0,
aes => 1,
- "aes-cfb1" => 0,
+ "aes-cfb1" => 2,
des3 => 1,
- "des3-cfb1" => 0,
- drbg => 0,
- ccm => 0,
- "aes-xts" => 0,
- gcm => 0,
+ "des3-cfb1" => 2,
+ drbg => 2,
+ "aes-ccm" => 2,
+ "aes-xts" => 2,
+ "aes-gcm" => 2,
dh => 0,
- ecdh => 0,
+ ecdh => 2,
+ v2 => 1,
);
foreach (@ARGV) {
} elsif ( $_ eq "--generate" ) {
$verify = 0;
}
+ elsif ( $_ eq "--compare-all" ) {
+ $cmpall = 1;
+ }
elsif ( $_ eq "--notest" ) {
$notest = 1;
}
elsif (/--tprefix=(.*)$/) {
$tprefix = $1;
}
+ elsif (/^--disable-all$/) {
+ foreach (keys %fips_enabled) {
+ $fips_enabled{$_} = 0;
+ }
+ }
elsif (/^--(enable|disable)-(.*)$/) {
if ( !exists $fips_enabled{$2} ) {
print STDERR "Unknown test $2\n";
elsif (/--filter=(.*)$/) {
$filter = $1;
}
+ elsif (/--rm=(.*)$/) {
+ $rmcmd = $1;
+ }
+ elsif (/--script-tprefix=(.*)$/) {
+ $stprefix = $1;
+ }
+ elsif (/--mkdir=(.*)$/) {
+ $mkcmd = $1;
+ }
elsif (/^--list-tests$/) {
$list_tests = 1;
}
my @fips_test_list;
+
+if (!$fips_enabled{"v2"}) {
+ foreach (keys %fips_enabled) {
+ $fips_enabled{$_} = 0 if $fips_enabled{$_} == 2;
+ }
+}
+
push @fips_test_list, @fips_dsa_test_list if $fips_enabled{"dsa"};
push @fips_test_list, @fips_dsa_pqgver_test_list if $fips_enabled{"dsa-pqgver"};
+push @fips_test_list, @fips_dsa2_test_list if $fips_enabled{"dsa2"};
+push @fips_test_list, @fips_ecdsa_test_list if $fips_enabled{"ecdsa"};
push @fips_test_list, @fips_rsa_test_list if $fips_enabled{"rsa"};
push @fips_test_list, @fips_rsa_pss0_test_list if $fips_enabled{"rsa-pss0"};
push @fips_test_list, @fips_rsa_pss62_test_list if $fips_enabled{"rsa-pss62"};
my $nm = $$_[0];
$$_[3] = "";
$$_[4] = "";
- print STDERR "Duplicate test $nm\n" if exists $fips_tests{$nm};
- $fips_tests{$nm} = $_;
}
$tvdir = "." unless defined $tvdir;
--dir=<dirname> Optional root for *.req file search
--filter=<regexp>
--onedir <dirname> Assume all components in current directory
- --rspdir=<dirname> Name of subdirectories containing *.rsp files, default "rsp"
+ --rspdir=<dirname> Name of subdirectories containing *.rsp files, default "resp"
--tprefix=<prefix>
--ignore-bogus Ignore duplicate or bogus files
--ignore-missing Ignore missing test files
--quiet Shhh....
--generate Generate algorithm test output
+ --generate-script=<file> Create shell script of test commands
+ --minimal-script Keep script commands to a minimum
+ --mkdir=<command> Command to make directories in scripts
+ --rm=<command> Command to remove directories in scripts
--win32 Win32 environment
--enable-<alg> Enable algorithm set <alg>.
--disable-<alg> Disable algorithm set <alg>.
while (my ($key, $value) = each %fips_enabled)
{
printf "\t\t%-20s(%s by default)\n", $key ,
- $value ? "enabled" : "disabled";
+ $value == 1 ? "enabled" : "disabled";
}
}
my ( $test, $path ) = @_;
foreach $tref (@fips_test_list) {
next unless ref($tref);
- my ( $tst, $cmd, $regexp, $req, $resp ) = @$tref;
+ my ( $tst, $cmd, $excmd, $req, $resp ) = @$tref;
+ my $regexp;
$tst =~ s/\(.*$//;
- if ($tst eq $test) {
+ $test =~ s/_186-2//;
+ if (defined $excmd) {
+ if ($excmd =~ /^path:(.*)$/) {
+ my $fmatch = $1;
+ return $tref if ($path =~ /$fmatch/);
+ next;
+ }
+ elsif ($excmd =~ /^file:(.*)$/) {
+ $regexp = $1;
+ }
+ }
+ if ($test eq $tst) {
return $tref if (!defined $regexp);
my $found = 0;
my $line;
my ( $tname, $tref );
my $bad = 0;
my $lastdir = "";
+ $stprefix = $tprefix unless defined $stprefix;
if ($outfile ne "") {
open OUT, ">$outfile" || die "Can't open $outfile";
}
END
} else {
- print OUT <<\END;
+ print OUT <<END;
#!/bin/sh
# Test vector run script
echo Running Algorithm Tests
+RM="$rmcmd";
+MKDIR="$mkcmd";
+TPREFIX=$stprefix
+
END
}
}
+ my $ttype = "";
+
foreach (@fips_test_list) {
if ( !ref($_) ) {
if ($outfile ne "") {
} else {
print "Running $_ tests\n" unless $quiet;
}
+ $ttype = $_;
next;
}
my ( $tname, $tcmd, $regexp, $req, $rsp ) = @$_;
END
} else {
print OUT <<END
-rm -rf \"$outdir\"
-mkdir \"$outdir\"
+\$RM \"$outdir\"
+\$MKDIR \"$outdir\"
END
}
mkdir($outdir) || die "Can't create directory $outdir";
}
}
- my $cmd = "$tprefix$tcmd \"$req\" \"$out\"";
+ my $cmd = "$tcmd \"$req\" \"$out\"";
print STDERR "DEBUG: running test $tname\n" if ( $debug && !$verify );
if ($outfile ne "") {
- print OUT "echo \" running $tname test\"\n" unless $minimal_script;
- print OUT "$cmd\n";
+ if ($minimal_script) {
+ print OUT "$stprefix$cmd\n";
+ } else {
+ print OUT "echo \" running $tname test\"\n" unless $minimal_script;
+ print OUT "\${TPREFIX}$cmd\n";
+ }
} else {
+ $cmd = "$tprefix$cmd";
system($cmd);
if ( $? != 0 ) {
print STDERR
}
}
if ($verify) {
- if ( exists $verify_special{$tname} ) {
+ if ( exists $verify_special{"$ttype:$tname"} && !$cmpall) {
my $vout = $rsp;
$vout =~ s/\.rsp$/.ver/;
- $tcmd = $verify_special{$tname};
+ $tcmd = $verify_special{"$ttype:$tname"};
+ if ($tcmd eq "skip") {
+ print STDERR "DEBUG: No verify possible: skipped.\n" if $debug;
+ $scheckok++;
+ next;
+ }
$cmd = "$tprefix$tcmd ";
$cmd .= "\"$out\" \"$vout\"";
system($cmd);
my ( $tname, $rsp, $tst ) = @_;
my ( $rspf, $tstf );
my ( $rspline, $tstline );
+ my $monte = 0;
if ( !open( $rspf, $rsp ) ) {
print STDERR "ERROR: can't open request file $rsp\n";
return 0;
print STDERR "ERROR: can't open output file $tst\n";
return 0;
}
+ $monte = 1 if ($rsp =~ /Monte[123]/);
for ( ; ; ) {
$rspline = next_line($rspf);
$tstline = next_line($tstf);
print STDERR "DEBUG: $tname file comparison OK\n" if $debug;
return 1;
}
+ # Workaround for old broken DES3 MCT format which added bogus
+ # extra lines: after [ENCRYPT] or [DECRYPT] skip until first
+ # COUNT line.
+ if ($monte) {
+ if ($rspline =~ /CRYPT/) {
+ do {
+ $rspline = next_line($rspf);
+ } while (defined($rspline) && $rspline !~ /COUNT/);
+ }
+ if ($tstline =~ /CRYPT/) {
+ do {
+ $tstline = next_line($tstf);
+ } while (defined($tstline) && $tstline !~ /COUNT/);
+ }
+ }
if ( !defined($rspline) ) {
print STDERR "ERROR: $tname EOF on $rsp\n";
return 0;